Using the disallowrun registry in session_setup

Published: November 6, 2024 - 3:47 PM
by guigeek
Hello,
Server:
Version: 2.5.5.15697
OS: Debian 12.7

Client:
Windows 11 23H2

I would like to block specific executables based on the user account.
To do this, I would like to use the command
`registry_setstring(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun", '1', 'powershell.exe', type=REG_SZ)`
to block PowerShell, for example.
However, I get a PermissionError: [WinError 5] Access is denied. The user cannot write to this registry.
Is there a way to work around this and successfully set this registry?

Thank you for your help.
Have a good day.

Re: Using registry disallowrun in session_setup

Published: November 7, 2024 - 9:15 AM
by jacky35

Re: Using registry disallowrun in session_setup

Published: November 7, 2024 - 9:50 AM
by dcardon
Hello guigeek,

What we see in the HKCU user registry with regedit is a mount of the NTUSER.dat and UsrClass.dat databases, as well as Appx-specific parts and parts related to the user GPO.

In this case, the key you want to change, `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies`, is part of the user GPOs, if I'm not mistaken, and therefore cannot be modified by the user.

You can try the LGPO tool to define a local GPO that makes the change in question.

@Jacky, it must have been launched in session_setup if the access rights are incorrect ;-)

Regards,

Denis
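
The LGPO route suggested above, as an added example that is not part of the original thread and not WAPT's own code: it builds an LGPO text-format policy file for the DisallowRun list and imports it with `LGPO.exe /t`. The function names and the `C:\Tools\LGPO.exe` path are assumptions, the import has to run with administrator or SYSTEM rights rather than as the logged-on user, and the entries go into the User section of the local policy, not into a single account's hive.

```python
import subprocess
import tempfile
from pathlib import Path

EXPLORER_POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def build_lgpo_text(executables):
    """Return LGPO text-format entries (scope, key, value name, action) for DisallowRun."""
    names = []
    for exe in executables:
        exe = exe.strip()
        # Assumption of this example: entries are bare file names, not paths.
        if not exe or "\\" in exe or "/" in exe:
            raise ValueError(f"expected a bare executable name, got {exe!r}")
        # Skip case-insensitive duplicates so the numbered values stay compact.
        if exe.lower() not in (n.lower() for n in names):
            names.append(exe)
    if not names:
        raise ValueError("no executables given")
    # The numbered list is only honoured when the DisallowRun DWORD switch is 1.
    entries = [("User", EXPLORER_POLICY, "DisallowRun", "DWORD:1")]
    for index, exe in enumerate(names, start=1):
        entries.append(
            ("User", EXPLORER_POLICY + r"\DisallowRun", str(index), f"SZ:{exe}")
        )
    # Each entry is four lines; entries are separated by a blank line.
    return "\n\n".join("\n".join(entry) for entry in entries) + "\n"


def apply_with_lgpo(executables, lgpo_exe=r"C:\Tools\LGPO.exe"):
    """Write the entries to a temporary file and import them with LGPO /t.

    lgpo_exe is a hypothetical location; needs administrator or SYSTEM rights.
    """
    with tempfile.TemporaryDirectory() as tmp:
        policy_file = Path(tmp) / "disallowrun.txt"
        policy_file.write_text(build_lgpo_text(executables), encoding="ascii")
        subprocess.run([lgpo_exe, "/t", str(policy_file)], check=True)


if __name__ == "__main__":
    # Constructed sample input: print the policy text without applying it.
    print(build_lgpo_text(["powershell.exe", "cmd.exe"]))
```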